threatvector.cylance.com Open in urlscan Pro
54.148.87.203 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Submission: On September 30 via api (September 30th 2019, 3:28:30 pm UTC) from CH

Summary HTTP 117 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 40 IPs in 7 countries across 41 domains to perform 117 HTTP transactions. The main IP is 54.148.87.203, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is threatvector.cylance.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 12th 2019. Valid for: a year.

This is the only time threatvector.cylance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	54.148.87.203 54.148.87.203	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	72.247.225.88 72.247.225.88	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
12	2a02:26f0:6c0... 2a02:26f0:6c00:297::9b6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.212.90.74 52.212.90.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.111.251.133 104.111.251.133	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	192.28.147.68 192.28.147.68	53580 (MARKETO) (MARKETO - MARKETO)
1	3.248.26.129 3.248.26.129	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
5	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.214.24 143.204.214.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.214.90 143.204.214.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.48.112.242 52.48.112.242	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	143.204.214.111 143.204.214.111	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE - Google LLC)
1	66.117.29.227 66.117.29.227	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 2	2620:119:50e1... 2620:119:50e1:105::6cae:b25	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:119:50e4... 2620:119:50e4:101::6cae:b51	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
4	72.247.224.172 72.247.224.172	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
15 20	54.217.212.192 54.217.212.192	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 2	52.58.138.174 52.58.138.174	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	52.29.177.239 52.29.177.239	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	69.173.144.136 69.173.144.136	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 3	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
2 2	2a00:1288:110... 2a00:1288:110:833::4000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	52.29.202.222 52.29.202.222	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	52.29.212.58 52.29.212.58	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.33.223.221 185.33.223.221	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
117	40

29 54.148.87.203 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-87-203.us-west-2.compute.amazonaws.com

threatvector.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 72.247.225.88 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-225-88.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.96.80 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

app-sj16.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:26f0:6c00:297::9b6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

s7d2.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.90.74 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-212-90-74.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.251.133 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-251-133.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

524-dom-989.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.26.129 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-248-26-129.eu-west-1.compute.amazonaws.com

cylance.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s45-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.24 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-24.fra53.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.90 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-90.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.112.242 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-48-112-242.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.214.111 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-111.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.227 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cylance.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:105::6cae:b25 (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e4:101::6cae:b51 (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.247.224.172 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-224-172.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 54.217.212.192 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.138.174 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-58-138-174.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.177.239 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-177-239.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.247.225.98 (United States) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.136 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.14.2 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY - Fastly, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:833::4000 (United Kingdom) 2 redirects

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.202.222 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-202-222.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.212.58 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-212-58.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.221 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	cylance.com threatvector.cylance.com	455 KB
24	adroll.com 15 redirects s.adroll.com d.adroll.com	28 KB
12	scene7.com s7d2.scene7.com	187 KB
11	adobedtm.com assets.adobedtm.com	65 KB
5	bizible.com cdn.bizible.com	34 KB
4	yahoo.com 3 redirects ups.analytics.yahoo.com ads.yahoo.com	2 KB
4	doubleclick.net 2 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	3 KB
4	gstatic.com fonts.gstatic.com	49 KB
3	facebook.net connect.facebook.net	120 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google.de www.google.de	329 B
3	google.com 1 redirects www.google.com	400 B
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	demdex.net dpm.demdex.net cylance.demdex.net	2 KB
2	openx.net 1 redirects us-u.openx.net	480 B
2	bidswitch.net 1 redirects x.bidswitch.net	910 B
2	3lift.com 1 redirects eb2.3lift.com	617 B
2	outbrain.com 1 redirects sync.outbrain.com	700 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	720 B
2	bidr.io 2 redirects match.prod.bidr.io	752 B
2	googleadservices.com www.googleadservices.com	18 KB
2	licdn.com snap.licdn.com	6 KB
2	bing.com bat.bing.com	8 KB
2	marketo.net munchkin.marketo.net	6 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	rawgit.com cdn.rawgit.com	5 KB
2	marketo.com app-sj16.marketo.com	58 KB
1	facebook.com www.facebook.com	246 B
1	rlcdn.com idsync.rlcdn.com	62 B
1	adnxs.com ib.adnxs.com	874 B
1	taboola.com trc.taboola.com	263 B
1	pubmatic.com simage2.pubmatic.com	862 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	omtrdc.net cylance.sc.omtrdc.net	592 B
1	demandbase.com tag.demandbase.com	15 KB
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	mktoresp.com 524-dom-989.mktoresp.com	303 B
1	ytimg.com s.ytimg.com	9 KB
1	youtube.com www.youtube.com	923 B
1	googleapis.com fonts.googleapis.com	558 B
117	41

	Domain	Requested by
29	threatvector.cylance.com	threatvector.cylance.com www.google-analytics.com
20	d.adroll.com	15 redirects threatvector.cylance.com
12	s7d2.scene7.com	threatvector.cylance.com
11	assets.adobedtm.com	threatvector.cylance.com
5	cdn.bizible.com	threatvector.cylance.com cdn.bizible.com
4	s.adroll.com	threatvector.cylance.com
4	fonts.gstatic.com	app-sj16.marketo.com threatvector.cylance.com
3	connect.facebook.net	s.adroll.com connect.facebook.net
3	www.google.de	threatvector.cylance.com
3	www.google.com	1 redirects threatvector.cylance.com
2	us-u.openx.net	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	ads.yahoo.com	2 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	pixel.advertising.com	2 redirects
2	px.ads.linkedin.com	1 redirects
2	segments.company-target.com	1 redirects threatvector.cylance.com
2	match.prod.bidr.io	2 redirects
2	googleads.g.doubleclick.net	threatvector.cylance.com
2	www.googleadservices.com	threatvector.cylance.com assets.adobedtm.com
2	snap.licdn.com	threatvector.cylance.com snap.licdn.com
2	bat.bing.com	threatvector.cylance.com
2	munchkin.marketo.net	threatvector.cylance.com munchkin.marketo.net
2	www.google-analytics.com	1 redirects threatvector.cylance.com
2	dpm.demdex.net	threatvector.cylance.com
2	cdn.rawgit.com	threatvector.cylance.com
2	app-sj16.marketo.com	threatvector.cylance.com app-sj16.marketo.com
1	www.facebook.com
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com
1	ib.adnxs.com
1	trc.taboola.com
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	www.linkedin.com	1 redirects
1	cylance.sc.omtrdc.net	threatvector.cylance.com
1	stats.g.doubleclick.net	1 redirects
1	api.company-target.com	threatvector.cylance.com
1	tag.demandbase.com	threatvector.cylance.com
1	cm.everesttech.net	1 redirects
1	cylance.demdex.net	threatvector.cylance.com
1	524-dom-989.mktoresp.com	threatvector.cylance.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	threatvector.cylance.com
1	fonts.googleapis.com	threatvector.cylance.com
117	48

This site contains links to these domains. Also see Links.

Domain
www.cylance.com
www.facebook.com
www.youtube.com
twitter.com
www.linkedin.com
shop.cylance.com

Subject Issuer	Validity	Valid
*.cylance.com DigiCert SHA2 Secure Server CA	`2019-06-12` - `2020-09-18`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-06-27` - `2021-07-01`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
app-sj16.marketo.com CloudFlare Inc ECC CA-2	`2019-02-22` - `2020-02-22`	a year	crt.sh
rawgit.com COMODO RSA Domain Validation Secure Server CA	`2018-12-29` - `2020-01-13`	a year	crt.sh
*.scene7.com DigiCert SHA2 Secure Server CA	`2019-01-02` - `2020-03-02`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2019-03-14` - `2021-04-13`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
www.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-03-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-08-24` - `2019-10-19`	2 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-05-08` - `2019-11-04`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Frame ID: C380139C01CEC65C93F4DA05AFFB7370
Requests: 116 HTTP requests in this frame

Frame: https://cylance.demdex.net/dest5.html?d_nsid=0
Frame ID: 9ED44267D298B9C1B1F4F39658C40FEF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+foundation[^>"]+css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

117
Requests

100 %
HTTPS

37 %
IPv6

41
Domains

48
Subdomains

40
IPs

7
Countries

1082 kB
Transfer

3091 kB
Size

21
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cylance.com/en-us/company/about-us/privacy-notice.html
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.cylance.com/
Title: Cylance.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CylanceInc

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CylanceInc

Search URL Search Domain Scan URL

URL: https://twitter.com/cylanceinc

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cylanceinc

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/index.html
Title: Who We Are

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/resources/knowledge-center/index.html
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/news.html
Title: Cylance News

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/press-releases.html
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/terms-of-service.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/index.html
Title: CylancePROTECT

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/products/our-products/optics.html
Title: CylanceOPTICS

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/cylance-threatzero.html
Title: Cylance ThreatZERO

Search URL Search Domain Scan URL

URL: https://shop.cylance.com/us
Title: Cylance Smart Antivirus

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/services/left-structure-nav/overview/consulting.html
Title: Consulting Overview

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/solutions/industry/index.html
Title: Industry Overview

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://cm.everesttech.net/cm/dd?d_uuid=86531401560127116234480547295151431759 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZIfDgAAE-oNczx0

Request Chain 73

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw&verifyHash=8d29c07a4b628c95e73a838212f176045893e105

Request Chain 81

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=899212684&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&ul=en-us&de=UTF-8&dt=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KHBAAAAB~&jid=1193073065&gjid=1454407240&cid=1658947386.1569857294&tid=UA-33464378-1&_gid=286943369.1569857294&_r=1&z=215626011 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_gid=286943369.1569857294&gjid=1454407240&_v=j79&z=215626011 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011&slf_rd=1&random=999491368

Request Chain 87

https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569857294868%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252Finside-the-apt28-dll-backdoor-blitz.html%26fmt%3Djs%26s%3D1%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true

Request Chain 95

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&pv=721478743.4219439&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html HTTP 302
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Request Chain 98

https://d.adroll.com/cm/aol/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-0217404b423a HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-0217404b423a&verify=true

Request Chain 99

https://d.adroll.com/cm/index/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295&C=1

Request Chain 100

https://d.adroll.com/cm/n/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expires=365

Request Chain 101

https://d.adroll.com/cm/outbrain/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&rdrctExp=true

Request Chain 102

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 103

https://d.adroll.com/cm/r/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 104

https://d.adroll.com/cm/taboola/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

Request Chain 105

https://d.adroll.com/cm/triplelift/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 107

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 108

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

Request Chain 109

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

Request Chain 110

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=841a4c2143053ab78ce8b30012951bd3

Request Chain 111

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=841a4c2143053ab78ce8b30012951bd3 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=841a4c2143053ab78ce8b30012951bd3

Request Chain 112

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=hBpMIUMFOreM6LMAEpUb0w HTTP 302
https://d.adroll.com/cm/g/in

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set inside-the-apt28-dll-backdoor-blitz.html Show response
threatvector.cylance.com/en_us/home/ 71 KB
19 KB 816ms
315ms Document
text/html 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

0d9ab500d1938a5eba801a14a7fe0856dcc39e83850ef45d08ce3e7cb98223a6

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatvector.cylance.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=utf-8
Date: Mon, 30 Sep 2019 15:28:13 GMT
ETag: "11ba5-59390916d8200-gzip"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Last-Modified: Fri, 27 Sep 2019 22:40:08 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Set-Cookie: AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 18622
Connection: keep-alive

GET
H/1.1 200
OK main.731db1757391070f3ea2ead82acaf408.css
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 12 KB
3 KB 158ms
158ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.731db1757391070f3ea2ead82acaf408.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2eda-591e577dc0700-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2403
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.5e8d3382f82b03b0bf3fea3024eecd61.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 288 KB
87 KB 644ms
329ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery.5e8d3382f82b03b0bf3fea3024eecd61.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "47f04-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 47 KB
11 KB 484ms
164ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "bcc7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 10676
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK granite.ed0d934d509c9dab702088c125c92b4f.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/ 10 KB
4 KB 486ms
161ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "28d6-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2974
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.26df26a88f9f71ceabb6a15e7cb9c550.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 471 B
1 KB 491ms
166ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/jquery.26df26a88f9f71ceabb6a15e7cb9c550.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "1d7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK shared.06a50b23d97647c86982b7801a20508a.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 98 KB
19 KB 786ms
316ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/shared.06a50b23d97647c86982b7801a20508a.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "18868-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 18634
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.e2198d73b3e90f0b787085da720eb46e.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 22 KB
7 KB 645ms
161ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.e2198d73b3e90f0b787085da720eb46e.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "5963-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 6275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK cylance-blogs.css
threatvector.cylance.com/etc/designs/ 0
756 B 321ms
162ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/designs/cylance-blogs.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Oct 2017 04:24:09 GMT
Server: Apache
Date: Mon, 30 Sep 2019 15:28:13 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.d6fc6f0b35c968dde40b02af38f21447.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 154 KB
26 KB 472ms
160ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2685c-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 25287
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK dependencies.d41d8cd98f00b204e9800998ecf8427e.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 0
774 B 469ms
157ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.d41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
ETag: "0-591e577eb4940"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 0
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:13 GMT
Vary: User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js Show response
assets.adobedtm.com/ 149 KB
46 KB 44ms
20ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:13 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "5aebb26c4d05b067a5277a6a715dfbac:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 30 Sep 2019 16:28:13 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
558 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 30 Sep 2019 15:28:13 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Mon, 30 Sep 2019 15:28:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 30 Sep 2019 15:28:13 GMT

GET
H2 200 forms2.min.js Show response
app-sj16.marketo.com/js/forms2/js/ 169 KB
58 KB 53ms
30ms Script
application/x-javascript 104.16.96.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 07 Aug 2019 18:10:53 GMT
server: cloudflare
age: 3231
etag: "a7324-2a536-58f8adc9ba540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=14400
cf-ray: 51e739b42ea463b9-FRA
expires: Mon, 30 Sep 2019 19:28:13 GMT

GET
H2 200 featherlight.min.css
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 2 KB
1 KB 101ms
7ms Stylesheet
text/css 151.139.237.11
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"817cdef4a8ec3dc545361453f69e4209a3c4d809"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 fig1-apt28-dll
s7d2.scene7.com/is/image/cylance/ 3 KB
3 KB 20ms
6ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig1-apt28-dll?&wid=115&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 724e680010b9d1ee1b0f0db1e6099c7db6b5229be91cf5b75533de3c5b8c7d1c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:13 GMT
last-modified: Thu, 22 Aug 2019 16:04:52 GMT
server: Unknown
etag: "bc745cb9afe22dd564e810ffa2dd3eeb"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 3192
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig2-apt28-dll
s7d2.scene7.com/is/image/cylance/ 19 KB
19 KB 10ms
9ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig2-apt28-dll?&wid=588&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: b8b5683eb4fcbc82d4c540136efe3ee0ded7371ff2cf7f8c785843e9c861aec0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 22 Aug 2019 16:01:18 GMT
server: Unknown
etag: "53a933e275b4a42c8e43dc66b0d85c5a"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 18974
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig3xx-apt28-dll
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 15ms
13ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig3xx-apt28-dll?&wid=384&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: cff371c01c3befd5a6c96bc1af3c55158b6007e6223244fc245247e94f42cfb4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 22 Aug 2019 16:01:58 GMT
server: Unknown
etag: "45c5b7327f8304bc7aff20debfedb069"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5091
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig5-apt28-dll
s7d2.scene7.com/is/image/cylance/ 41 KB
41 KB 15ms
14ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig5-apt28-dll?&wid=824&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 0ab842476f3437f398ceeaeca957b0abf23d78d307ec16518ad12ea6781ca9e6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 22 Aug 2019 16:03:09 GMT
server: Unknown
etag: "ac7445e6a4884d86ac89f51183bb2195"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 41888
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig6-apt28-dll
s7d2.scene7.com/is/image/cylance/ 24 KB
24 KB 19ms
18ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig6-apt28-dll?&wid=639&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 287450a4f4a05b901d7b7b5df6252640aec13825c1059905a79c369e4f97ec23

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 22 Aug 2019 22:10:27 GMT
server: Unknown
etag: "ddf9f5bfae4422dfddddc5ec17223ff8"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 24694
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H/1.1 200
OK author_thumbnail_default.jpg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/ 2 KB
3 KB 157ms
157ms Image
image/jpeg 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/author_thumbnail_default.jpg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:09:24 GMT
Server: Apache
ETag: "8d7-591e57ff73900"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 2263
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cylance_BB_Logo_RGB_Horz_Black.png
threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/ 19 KB
19 KB 161ms
161ms Image
image/png 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/Cylance_BB_Logo_RGB_Horz_Black.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "4aaf-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 19119
Date: Mon, 30 Sep 2019 15:28:14 GMT

GET
H/1.1 200
OK dependencies.a089e038f1a299472aab3599efb8d481.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 668 KB
158 KB 171ms
171ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.a089e038f1a299472aab3599efb8d481.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "a70c1-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.97c9aac6ee7df8531607278a78c5c231.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 236 KB
63 KB 173ms
172ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.97c9aac6ee7df8531607278a78c5c231.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3b09d-591e577fa8b80-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 featherlight.min.js Show response
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 9 KB
4 KB 6ms
5ms Script
application/javascript 151.139.237.11
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"2f5a26ba5509a7f0235bf1f53ed375289bfc91bd"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H/1.1 200
OK token.json Show response
threatvector.cylance.com/libs/granite/csrf/ 2 B
763 B 164ms
164ms XHR
application/json 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/libs/granite/csrf/token.json

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Date: Mon, 30 Sep 2019 15:28:14 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: keep-alive
Content-Type: application/json;charset=iso-8859-1
Cache-Control: no-cache
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 366 B
1 KB 116ms
32ms XHR
application/json 52.212.90.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1569857294276
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.90.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-212-90-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 78e7b9885e3b62d9852dc6db9b518330fb9018039a472689e1060790a64eb171

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v044-05bcce7d2.edge-irl1.demdex.com 5.59.0.20190904135845 4ms (+1ms)
Pragma: no-cache
Content-Encoding: gzip
X-TID: wBu9gEa8S2g=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatvector.cylance.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 302
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/ 34 KB
13 KB 14ms
14ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Mon, 15 Apr 2019 20:43:53 GMT
server: Apache
etag: "f005ac758d3bc63fa30fe4a4bd80448d:1555361033"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12786
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3736
date: Mon, 30 Sep 2019 14:25:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 30 Sep 2019 16:25:58 GMT

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 05:51:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:34 GMT
server: sffe
age: 3144999
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12344
x-xss-protection: 0
expires: Mon, 24 Aug 2020 05:51:35 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 05:46:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:52 GMT
server: sffe
age: 3145275
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12524
x-xss-protection: 0
expires: Mon, 24 Aug 2020 05:46:59 GMT

GET
H/1.1 200
OK mainLogo_rgb_h_white.png
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/ 10 KB
11 KB 155ms
154ms Image
image/png 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/mainLogo_rgb_h_white.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "2808-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 10248
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main_search_close.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 938 B
1 KB 259ms
158ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_close.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3aa-591e577fa8b80-gzip"
Connection: keep-alive
Content-Length: 491
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main_search_icon.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
2 KB 248ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_icon.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "594-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 092819-apt28-cylance-ff3-lrg
s7d2.scene7.com/is/image/cylance/ 60 KB
60 KB 16ms
16ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092819-apt28-cylance-ff3-lrg?&wid=1280&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 60591f0eed0ccbba8cff2adcd297791578089236065ec658ddbfdf9892f6a175

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 22 Aug 2019 23:18:01 GMT
server: Unknown
etag: "8b3cfd8c11f7e21026774c6227cd65e3"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 61075
expires: Mon, 30 Sep 2019 15:50:42 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 05:02:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:18 GMT
server: sffe
age: 2802370
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12260
x-xss-protection: 0
expires: Fri, 28 Aug 2020 05:02:04 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Sep 2019 11:23:44 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:27 GMT
server: sffe
age: 533070
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12276
x-xss-protection: 0
expires: Wed, 23 Sep 2020 11:23:44 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 18ms
5ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 403 getForm
app-sj16.marketo.com/index.php/form/ 0
0 13ms
12ms Script
text/html 104.16.96.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://app-sj16.marketo.com/index.php/form/getForm?munchkinId=524-DOM-989&form=3163&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&callback=jQuery112405520956241395985_1569857294285&_=1569857294286
Requested by: Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.96.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 092619-understanding-privacy-lrg
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 6ms
5ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092619-understanding-privacy-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 89a3c120cd572641fb6a13d72907fceac0b838e2b8e41d8b62f604fe5510aee8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Tue, 24 Sep 2019 20:06:39 GMT
server: Unknown
etag: "a6e5af82902e9e01b07d3a4605a736a4"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 3586
expires: Mon, 30 Sep 2019 21:43:25 GMT

GET
H2 200 092519-pcshare-fakenarrator-2-lrg
s7d2.scene7.com/is/image/cylance/ 7 KB
7 KB 9ms
7ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092519-pcshare-fakenarrator-2-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 8b8fc55fbc2dcfe88398bedbc20cca9abc7f1c88caf69481f4ed98f126a5fb47

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Tue, 24 Sep 2019 20:33:42 GMT
server: Unknown
etag: "5ab4f64c10959a8cc079d0b889e7421d"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 6740
expires: Mon, 30 Sep 2019 17:10:09 GMT

GET
H2 200 092419-joe-menn-1-lrg
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 9ms
8ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092419-joe-menn-1-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: e2c6c1157ce1c3288e63b8905ebfae86fcf208e6c9886d28bfdac86e1c733065

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Tue, 24 Sep 2019 00:35:48 GMT
server: Unknown
etag: "b96d78429d70afae8071c08dfc1ae2a9"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5247
expires: Sun, 29 Sep 2019 11:26:31 GMT

GET
H2 200 2019%20Cybersecurity%20Awareness%20Month%20General%20BLOG%20Image
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 10ms
8ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/2019%20Cybersecurity%20Awareness%20Month%20General%20BLOG%20Image?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: dd6e22647ce2f168a4563f0f7e58299a739e769f20d4e852bc2aca006d7a5748

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Mon, 23 Sep 2019 02:19:29 GMT
server: Unknown
etag: "7321392886618190df66ab3a6a314afa"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5072
expires: Thu, 26 Sep 2019 04:36:43 GMT

GET
H2 200 000-InSecurity-Podcast-LRG
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 9ms
9ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Thu, 11 Apr 2019 19:54:05 GMT
server: Unknown
etag: "dd3973310906a18966ce86729e8f6c75"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 4371
expires: Mon, 30 Sep 2019 20:11:39 GMT

GET
H2 200 091919-food-safety-ics-2-lrg
s7d2.scene7.com/is/image/cylance/ 9 KB
9 KB 7ms
7ms Image
image/jpeg 2a02:26f0:6c00:297::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/091919-food-safety-ics-2-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:297::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 62dc909fddeee34ab26f67b53e11230af692a42853134d565c1e9d6194675253

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
last-modified: Wed, 18 Sep 2019 18:41:38 GMT
server: Unknown
etag: "a291bf9095a6a3e60a8a47aa2bf99b90"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 9310
expires: Mon, 30 Sep 2019 21:43:25 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
923 B 22ms
22ms Script
application/javascript 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

60ff723a37b80b02ac35c1efaf48c348d025fa19505f64c25fa02c7c77866239

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H/1.1 200
OK footer_social_icons_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 163ms
162ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_facebook.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "6d1-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 775
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_youtube.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 6 KB
3 KB 155ms
155ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_youtube.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "16d2-591e577fa8b80-gzip"
Connection: keep-alive
Content-Length: 2247
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 161ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_twitter.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "7d3-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 1002
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 161ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_linkedin.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "714-591e576f72540-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 803
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_rss.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 157ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_rss.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "719-591e576f72540-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 827
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 7ms
7ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Wed, 08 Jan 2020 15:28:14 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflkXGhkb/ 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkXGhkb/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0ae8b9f65be3d17cffca937736679b69dd0b727f7a9bf20a95e6b6e16ed76c47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 08:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25156
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8698
x-xss-protection: 0
last-modified: Sun, 29 Sep 2019 23:56:56 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 08 Oct 2019 08:28:58 GMT

GET
H/1.1 200
OK visitWebPage Show response
524-dom-989.mktoresp.com/webevents/ 2 B
303 B 758ms
164ms XHR
text/plain 192.28.147.68
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://524-dom-989.mktoresp.com/webevents/visitWebPage?_mchNc=1569857294386&_mchCn=&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1569857294386-63614&_mchHo=threatvector.cylance.com&_mchPo=&_mchRu=%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: akka-http/10.1.7 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 30 Sep 2019 15:28:15 GMT
Content-Encoding: gzip
Server: akka-http/10.1.7
Transfer-Encoding: chunked
X-Request-Id: 4e90073a-8a59-4d4b-9e4c-704fdfd503c9
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK Cookie set dest5.html
cylance.demdex.net/ Frame 9ED4 0
0 163ms
38ms Document
text/html 3.248.26.129
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cylance.demdex.net/dest5.html?d_nsid=0
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.26.129 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-248-26-129.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: cylance.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Accept-Encoding: gzip, deflate, br
Cookie: demdex=86531401560127116234480547295151431759
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 25 Sep 2019 09:30:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=86531401560127116234480547295151431759;Path=/;Domain=.demdex.net;Expires=Sat, 28-Mar-2020 15:28:14 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: FFDus1BYSFc=
Content-Length: 2764
Connection: keep-alive

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XZIfDgAAE-oNczx0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=86531401560127116234480547295151431759
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZIfDgAAE-oNczx0

42 B
776 B

32ms
32ms

Image
image/gif

52.212.90.74
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZIfDgAAE-oNczx0
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.90.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-212-90-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v044-0b4a146e8.edge-irl1.demdex.com 5.59.0.20190904135845 4ms (+1ms)
Pragma: no-cache
X-TID: fbIK2Z4JSLc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 30 Sep 2019 15:28:13 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZIfDgAAE-oNczx0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 RC03553916c50b4787a671e14ccf605715-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 695 B
645 B 13ms
13ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC03553916c50b4787a671e14ccf605715-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "d9f372492adb73ae3b7bff0cf0a90587:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 77ms
48ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: FD3CF2DC46C44689AFA44F7F6B1635F9 Ref B: VIEEDGE0317 Ref C: 2019-09-30T15:28:14Z
status: 200
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 200 RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
775 B 13ms
13ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "eababff33cad8c9e414fb875be462778:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 541
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
899 B 13ms
13ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "6d94ea62691631fbad7ebecdcc6e04c3:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 666
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 RCe330e30c9b774f238563c2f0317b145b-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 654 B
624 B 14ms
14ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCe330e30c9b774f238563c2f0317b145b-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "cba2baa21d2761515a7b772732db4812:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 85 KB
32 KB 35ms
9ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B4) / ASP.NET
Resource Hash: 304bfe9eb3f7bd61580b2a74331e32e2c5bb918afa808dc35f01f32f2e693510

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
etag: "a42384f46472d51:0"
last-modified: Mon, 23 Sep 2019 23:16:40 GMT
server: ECS (fcn/40B4)
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 33061

GET
H/1.1 200
OK share_bar_icon_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 158ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "809-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 876
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 302ms
155ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "8c8-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 1062
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_google.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 274ms
158ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_google.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "829-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 867
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 263ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "771-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 796
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_email.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
2 KB 289ms
162ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_email.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "49c-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 682
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 15:28:14 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 944 B
753 B 12ms
12ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 03f71f7cf4b7044d55aa17f413b7b312d2fe87c21032f0d31a08adce9f54f674

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Encoding: gzip
Last-Modified: Fri, 27 Sep 2019 16:37:00 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64704
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 440

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 15ms
15ms Script
text/javascript 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

f871ea640b390fb63955568f537fe736c5fd9d12600eaff29990183ed3d17712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9149
x-xss-protection: 0
server: cafe
etag: 5022999136154715131
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Sep 2019 15:28:14 GMT

GET
H2 200 6e7b478b.min.js Show response
tag.demandbase.com/ 56 KB
15 KB 37ms
9ms Script
application/javascript 143.204.214.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e7b478b.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.24 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-24.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d46f9e013df1aa1864b8a744dd8f1bddf6b0a372d8745917d432c7f0d5171214

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 29 Sep 2019 15:03:02 GMT
content-encoding: gzip
last-modified: Tue, 20 Aug 2019 00:26:20 GMT
server: AmazonS3
age: 2457
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: OPlVoOutJTXQxpBdYEE3syCPOCOOHtom
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: e0PFoFa50Wpt3q4XgcBouBEWllAE2pmMw2EsNeaOWVK3v-7cn5J7GQ==
via: 1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Sep 2019 16:57:12 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=62542
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1569857294487&cv=9&fst=1569857294487&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

575a6984fd8aa15f1675d5c4a2e3b5581977fb4bca49f2ff615f579b4bea02ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 970
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
322 B 7ms
6ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=51bd9aeedeef4092868a0bd4386ea6d8&_biz_s=260b26&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569857294497&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=0&a=cylance.com&rnd=626345&cdn_o=a&_biz_z=1569857294498
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A2) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-aspnetmvc-version: 5.2
last-modified: Sat, 28 Sep 2019 17:56:39 GMT
server: ECS (fcn/41A2)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 89ms
63ms XHR
application/json 143.204.214.90
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&page_title=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&key=7535516323dadf7e3d35f603eaad6491&src=tag
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.90 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-90.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: 1eaafdb8-b9f7-4981-b684-6044745ee76b
x-amz-cf-id: -Zo3yXrs_VvVKxZG1zTXP31OWvGuaIqP_1t2jc055zmnLnFbqkdBoQ==
pragma: no-cache
access-control-allow-origin: https://threatvector.cylance.com
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
identification-source: CACHE
expires: Sun, 29 Sep 2019 15:28:14 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw&verifyHash=8d29c07a4b628c95e73a838212f176045893e105

26 B
409 B

98ms
98ms

Image
image/gif

143.204.214.111
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw&verifyHash=8d29c07a4b628c95e73a838212f176045893e105
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.111 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-111.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Via: 1.1 d01ad8df731d3f120823f9e20df55147.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: b3d2fde38dc093a4
X-Amz-Cf-Id: X1tVx56ZZ2qhFJItrwhB9I1cJAKXUzSB6--P7zIwHS0Wiuan1lgaEw==

Redirect headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
Via: 1.1 d01ad8df731d3f120823f9e20df55147.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAN-3U67JD4AABVzn-I0uw&verifyHash=8d29c07a4b628c95e73a838212f176045893e105
Connection: keep-alive
trace-id: 794173d085add271
Content-Length: 0
X-Amz-Cf-Id: Jex-DxM71Ii4ONzTaoisQ3E721fMHgoWsqY7IBeXPrjD2v9qtce4VQ==

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
545 B 118ms
118ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=51bd9aeedeef4092868a0bd4386ea6d8&_biz_h=-1906410348&cdn_o=a&jsVer=4.19.06.26&a=cylance.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 733a27275c0481b079f488111697f1467d87939f97c0323096512afbdedb2c52

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:13 GMT
content-encoding: gzip
etag: 74303E6F
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 324

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1569857294487&cv=9&fst=1569855600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&fmt=3&is_vtc=1&random=2890651219&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1569857294487&cv=9&fst=1569855600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&fmt=3&is_vtc=1&random=2890651219&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
149 B 51ms
51ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5637515&tm=al001&Ver=2&mid=57dd18b9-a0ae-1ef5-7494-187d52fc32ab&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&kw=APT28%20DLL,%20backdoor,%20Cylance,%20BlackBerry&p=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&r=&lt=1843&pt=1569857292617,,,,,0,1,24,24,501,180,501,817,817,819,1829,1829,1843,,,&pn=0,0&evt=pageLoad&msclkid=N&rn=420351
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: B0220F3DE5FC4F4CBF4EEE1B7FA93A55 Ref B: VIEEDGE0317 Ref C: 2019-09-30T15:28:14Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 460 B
487 B 12ms
12ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "eb0abeded1d23a64ed81155c95cbb867:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 254
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 RC795343619189407bb257bf77f37e4f32-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 458 B
484 B 13ms
12ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC795343619189407bb257bf77f37e4f32-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "6c8d0a2b5eadfc79c1cea9bda4c63d3f:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 252
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 RCa7a45d271f51412293463f49427635d0-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 472 B
499 B 14ms
14ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCa7a45d271f51412293463f49427635d0-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "1cd1f676e57143bd85e5f21bdd4785bb:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 265
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=899212684&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&ul=en-us&de=UTF...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_gid=286943369.1569857294&gjid=1454407240&_v=j79&z=215626011
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011&slf_rd=1&random=999491368

42 B
109 B

29ms
28ms

Image
image/gif

2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011&slf_rd=1&random=999491368

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1658947386.1569857294&jid=1193073065&_v=j79&z=215626011&slf_rd=1&random=999491368
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 835 B
587 B 12ms
12ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "3802beb763414589551c998a499408b3:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 353
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2 200 u
cdn.bizible.com/m/ 43 B
116 B 7ms
7ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A524-DOM-989%26token%3A_mch-cylance.com-1569857294386-63614&_biz_u=51bd9aeedeef4092868a0bd4386ea6d8&_biz_s=260b26&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569857294499&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=1&a=cylance.com&rnd=470481&cdn_o=a&_biz_z=1569857294600
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DD) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-aspnetmvc-version: 5.2
last-modified: Fri, 27 Sep 2019 04:41:15 GMT
server: ECS (fcn/40DD)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizible.com/m/ 43 B
80 B 7ms
7ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=ecid&mapValue=2297E09A576BB9677F000101%40AdobeOrg_86979854440309324994507338567879723163&_biz_u=51bd9aeedeef4092868a0bd4386ea6d8&_biz_s=260b26&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569857294500&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=2&a=cylance.com&rnd=898570&cdn_o=a&_biz_z=1569857294600
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DD) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-aspnetmvc-version: 5.2
last-modified: Fri, 27 Sep 2019 04:41:15 GMT
server: ECS (fcn/40DD)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H/1.1 200
OK s73020072833557
cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/ 43 B
592 B 55ms
16ms Image
image/gif 66.117.29.227
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/s73020072833557?AQB=1&ndh=1&pf=1&t=30%2F8%2F2019%2017%3A28%3A14%201%20-120&mid=86979854440309324994507338567879723163&aamlh=6&ce=UTF-8&pageName=home%3Ainside-the-apt28-dll-backdoor-blitz&g=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&cc=USD&ch=home&server=threatvector.cylance.com&events=event17&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=threatvector.cylance.com&h1=home%7Cinside-the-apt28-dll-backdoor-blitz&c2=2019-09-27%2022%3A40%3A08&v3=friday&c4=8%3A28%20AM%7CMonday&v4=8%3A28%20AM%7CMonday&v6=home%3Ainside-the-apt28-dll-backdoor-blitz&v7=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&c8=D%3Dv8&v8=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&c9=D%3Dv9&v9=en_us&c10=D%3Dv10&c11=New&v11=First%20Visit&v12=New&c16=1&c17=16&v17=16&v35=The%20Cylance%20Threat%20Research%20Team&v36=research-and-intelligence&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=2297E09A576BB9677F000101%40AdobeOrg&AQE=1

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

66.117.29.227 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

Software

Omniture DC/2.0.0 /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.10.0
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 01 Oct 2019 15:28:14 GMT
Server: Omniture DC/2.0.0
xserver: www39
ETag: "3371242868645593088-5029468572083150129"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Sun, 29 Sep 2019 15:28:14 GMT

GET
H2 200 RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
900 B 12ms
12ms Script
application/x-javascript 72.247.225.88
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.88 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-88.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:23 GMT
server: Apache
etag: "030fd508521493a75099bd78f60225e1:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 667
expires: Mon, 30 Sep 2019 16:28:14 GMT

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569857294868%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fh...
https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true

0
93 B

235ms
235ms

Script
application/javascript

2620:119:50e1:105::6cae:b25
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e1:105::6cae:b25 , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:15 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-esv5
content-type: application/javascript
content-length: 20
x-li-uuid: ycs9guRAyRWQje/xsioAAA==

Redirect headers

date: Mon, 30 Sep 2019 15:28:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: ++h2eeRAyRWgpCMxqSsAAA==
server: Play
pragma: no-cache
x-li-pop: prod-edc2
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1569857294868&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 16ms
16ms Script
text/javascript 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

c6c59f99021c03392673132e9b28f9e1fc890710c531aa49b506b01adb5b8dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9364
x-xss-protection: 0
server: cafe
etag: 14275855663230401311
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=86400
timing-allow-origin: *
expires: Mon, 30 Sep 2019 15:28:14 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1569857294900&cv=9&fst=1569857294900&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

74c08daef91c9217e0cc81de1d45bf07ffd24387c8cb0b077c677ce6f4643d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 966
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 33 KB
11 KB 14ms
14ms Script
text/javascript 72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4a1d3bf6c1cec783f967068348e78974da3b79cdfae1746c01f7f9ad86ad9951

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 9.BQ9cxFANfreH2vrVxQTFpw5o67znAv
Content-Encoding: gzip
ETag: "4cdaf4a1f2ebfda8dd871575ebef2236"
x-amz-request-id: 43692B5807BE08A9
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 10345
x-amz-id-2: ZQUqt6+TOkdgwadOb4rRXtH/zTXxRMa2B/Q3JC2N12nwj4qVLAGSMuqUr6fSLmp42OnQir5Jk9Y=
Last-Modified: Wed, 25 Sep 2019 15:18:31 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 15:28:14 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1569857294900&cv=9&fst=1569855600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&fmt=3&is_vtc=1&random=4175789648&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1569857294900&cv=9&fst=1569855600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&fmt=3&is_vtc=1&random=4175789648&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/ 37 B
689 B 14ms
13ms Script
application/javascript 72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6a8466d729c03a3f87ea7d1ea02379eae9ffc52171cd62b9428a39ca71675814

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: CKGmnIlKJox6JLwxvXOvZLG69tcsJdUa
ETag: "af5292134b7f9ce1b2a338c5daae4370"
x-amz-request-id: 949D760890369ADC
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 37
x-amz-id-2: E8xWQK5xhsgjSIl5izYLhRfWAwCSCIPub+EL7EtVofYiU8BjB4msio9nG7QA8yqVh7CKdA7X4kg=
Last-Modified: Thu, 19 Sep 2019 22:04:10 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 15:28:14 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK OU3SUNRJWBHPTCY5X23OHE Show response
d.adroll.com/consent/check/ 52 B
511 B 27ms
27ms Script
application/javascript 54.217.212.192
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE?_s=3232beb5131912652b1d69301469b30f&_b=2
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.212.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: 6a5862cec71ec62c1d809d12c7919541d611156c4afe375bf8cf7b5ddd7e406d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:14 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 52

GET
H/1.1

200
OK

BMNOXKZHPFHPDK7ZYEXFSC.js Show response
s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/
Redirect Chain

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&pv=721478743.4219439&cookie=&adroll_s_ref=&keyw=&arrfrr=h...
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

6 KB
3 KB

193ms
193ms

Script
text/javascript

72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 79a5a24099a0a07f7f110441ce3a04edc884ebcfa098f2dd88a29aeb4f14ca03

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: V2flq_cuofb0.7odwT2UwbzD1MgCIuJf
Content-Encoding: gzip
ETag: "08be8e66b3184f140f912a9c1babc1f7"
x-amz-request-id: 72496EB1E9914099
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1995
x-amz-id-2: MTIZT/z4oD/3JbPm5QaEiQRHnUxlUa+LcYi9nfBnZIccMjbBpZUHhC88wRlXUKLzuBBwrY30lrk=
Last-Modified: Tue, 20 Aug 2019 22:52:59 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 15:28:15 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Mon, 30 Sep 2019 15:28:14 GMT
X-Segment-Display-Name
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
X-Conversion-Value: 0.0
Server: nginx/1.14.1
X-Rule: *threatvector.cylance.com*
X-Segment-Eid: BMNOXKZHPFHPDK7ZYEXFSC
Location: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
Cache-Control: no-store, no-cache, must-revalidate
X-Pixel-Eid: JFQUMKJ3NRFIFLRA5FOQKB
X-Segment-Name: a102ead2
X-Advertisable-Eid: OU3SUNRJWBHPTCY5X23OHE
X-Conversion-Currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
31 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 31604
x-xss-protection: 0
pragma: public
x-fb-debug: lnzvn9w5B0uM6XTQazUQHTDr41wdSifWec+HNVLl7NnFF2bURWGBOORJIcF/FnSp+5P9LPJ/N78b4SsA/aEDmg==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Mon, 30 Sep 2019 15:28:15 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 12ms
12ms Script
text/javascript 72.247.224.172
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.172 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: zwhvLQqU_bzZQXYQsmzqPfdjhgNu8Tlx
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: F6984BFC4E5A3924
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: JMB1Dn4xb5M4j5hBgJs0o2mNJW9CMhsza7jkg7kPEviBgrCtamfuTX1UgnfwZEtK975LnN0jACk=
Last-Modified: Thu, 19 Sep 2019 17:50:09 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 15:28:15 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.advertising.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-02...
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-02...

0
472 B

8ms
8ms

Image
text/plain

52.29.177.239
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-0217404b423a&verify=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.177.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-177-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Mon, 30 Sep 2019 15:28:15 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 30 Sep 2019 15:28:15 GMT
content-length: 0
location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPebd190f7-e396-11e9-b46f-0217404b423a&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295&C=1

43 B
898 B

42ms
42ms

Image
image/gif

72.247.225.98
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 30 Sep 2019 15:28:15 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expiration=1601393295&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Mon, 30 Sep 2019 15:28:15 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expires=365

0
239 B

34ms
10ms

Image
image/gif

69.173.144.136
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.136 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&expires=365
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 124

GET
H2

200

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&rdrctExp=true

0
359 B

214ms
214ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&rdrctExp=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, JFK, FRA, Europe1
x-timer: S1569857295.399594,VS0,VE208
accept-ranges: bytes, bytes
x-served-by: cache-jfk8148-JFK, cache-fra19151-FRA
x-cache: MISS, MISS
status: 200
backend-ip: 104.156.90.48
x-traceid: 3cb4e34fc1e75da277db250c4e984470
content-length: 0
x-cache-hits: 0, 0

Redirect headers

date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, JFK, FRA, Europe1
x-timer: S1569857295.307349,VS0,VE86
accept-ranges: bytes, bytes
x-served-by: cache-jfk8149-JFK, cache-fra19151-FRA
status: 302
x-cache: MISS, MISS
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&rdrctExp=true
backend-ip: 104.156.90.49
x-traceid: 7c7792eb714cf9eceaa4a4d5670dcb14
content-length: 0
x-cache-hits: 0, 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
862 B

37ms
13ms

Image
text/html

185.64.189.110
PubMatic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
X-lat: Pug22043:0:580
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 220

GET
H/1.1

200
OK

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
488 B

30ms
29ms

Image
image/gif

54.217.212.192
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.212.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

Redirect headers

Date: Mon, 30 Sep 2019 15:28:15 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

0
263 B

16ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569857295.331493,VS0,VE8
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19151-FRA

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 111

GET
H2

500

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=87fd8cfef8c7821f87f01cb3d0cedcd1-1569857294964&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://eb2.3lift.com/xuid?mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e&gdpr=1&cmp_cs=

37 B
257 B

9ms
9ms

Image
image/gif

52.29.202.222
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e&gdpr=1&cmp_cs=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.202.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-202-222.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 500
date: Mon, 30 Sep 2019 15:28:15 GMT
cache-control: no-cache, no-store, must-revalidate
x-error: Userdata operation failed
content-length: 37
content-type: image/gif

Redirect headers

status: 302
date: Mon, 30 Sep 2019 15:28:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM&dongle=c85e&gdpr=1&cmp_cs=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK in
d.adroll.com/cm/mk/ADVERTISABLE_EID/ 42 B
488 B 30ms
30ms Image
image/gif 54.217.212.192
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/mk/ADVERTISABLE_EID/in?id=id%3A524-DOM-989%26token%3A_mch-cylance.com-1569857294386-63614
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.212.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

GET
H/1.1

200
OK

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
488 B

30ms
29ms

Image
image/gif

54.217.212.192
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.212.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

Redirect headers

Date: Mon, 30 Sep 2019 15:28:15 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://x.bidswitch.net/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

43 B
380 B

81ms
81ms

Image
image/gif

52.29.212.58
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.212.58 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-212-58.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 30 Sep 2019 15:28:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Mon, 30 Sep 2019 15:28:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ib.adnxs.com/setuid?entity=172&code=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

43 B
874 B

40ms
12ms

Image
image/gif

185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:17 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.56:80
AN-X-Request-Uuid: 34ca6701-941a-43f2-b855-a505406f7e3a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ib.adnxs.com/setuid?entity=172&code=ODQxYTRjMjE0MzA1M2FiNzhjZThiMzAwMTI5NTFiZDM
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 93

GET
H2

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://idsync.rlcdn.com/377928.gif?partner_uid=841a4c2143053ab78ce8b30012951bd3

0
62 B

303ms
290ms

Image
text/plain

35.190.72.21
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=841a4c2143053ab78ce8b30012951bd3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://idsync.rlcdn.com/377928.gif?partner_uid=841a4c2143053ab78ce8b30012951bd3
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://us-u.openx.net/w/1.0/sd?id=537103138&val=841a4c2143053ab78ce8b30012951bd3
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=841a4c2143053ab78ce8b30012951bd3

43 B
183 B

19ms
19ms

Image
image/gif

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=841a4c2143053ab78ce8b30012951bd3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 google
server: OXGW/16.163.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 30 Sep 2019 15:28:15 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=841a4c2143053ab78ce8b30012951bd3
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=hBpMIUMFOreM6LMAEpUb0w
https://d.adroll.com/cm/g/in

42 B
523 B

29ms
29ms

Image
image/gif

54.217.212.192
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.212.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-212-192.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 15:28:15 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-Result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 30 Sep 2019 15:28:15 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1792927231029740 Show response
connect.facebook.net/signals/config/ 307 KB
79 KB 85ms
85ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1792927231029740?v=2.9.4&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

4cdb5521799347327648c9276d2efa4b5c608ca21238cb091f2629d4c95e6cea

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id: 420120009
pragma: public
x-fb-debug: OjSkmGPNuRE3D00qDZvYz9H31BOzyMyNbYmWxPFB/J4IYjpahP2J99E37+PBzBGL3pTNOu66AG07vJ8O0vQRdQ==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Mon, 30 Sep 2019 15:28:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 35 KB
10 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 10218
x-xss-protection: 0
pragma: public
x-fb-debug: DTpGi0uOqaSRKAnpko0hK0sR91yu98JfRZo841HzeLkf4bp1Tw1N07gldgVa16kCcvyh1CxiP9F8bPzx3gxV/w==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Mon, 30 Sep 2019 15:28:15 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
246 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1792927231029740&ev=PageView&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&rl=&if=false&ts=1569857295332&cd[segment_eid]=BMNOXKZHPFHPDK7ZYEXFSC&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=29&fbp=fb.1.1569857295331.914691561&it=1569857295212&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 15:28:15 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 30 Sep 2019 15:28:15 GMT

Verdicts & Comments Add Verdict or Comment

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 08:23:29	Name: demdex Value: 86531401560127116234480547295151431759
.cylance.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.cylance.com/	1969-12-31 23:59:59	Name: s_tp Value: 18224
.cylance.com/	1970-01-19 12:49:53	Name: s_vnum Value: 1601393294685%26vn%3D1
.cylance.com/	1970-01-19 04:04:19	Name: s_lv_s Value: First%20Visit
.cylance.com/	1970-01-20 06:21:05	Name: s_lv Value: 1569857294684
.cylance.com/	1970-01-19 12:49:53	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22Ecid%22%3A%22-658176531%22%2C%22XDomain%22%3A%221%22%7D
.cylance.com/	1970-01-19 12:49:53	Name: _biz_pendingA Value: %5B%5D
.threatvector.cylance.com/	1970-01-19 04:05:43	Name: _gid Value: GA1.3.286943369.1569857294
.cylance.com/	1970-01-19 04:04:19	Name: _biz_sid Value: 260b26
.cylance.com/	1970-01-19 21:36:55	Name: AMCV_2297E09A576BB9677F000101%40AdobeOrg Value: -715282455%7CMCIDTS%7C18170%7CMCMID%7C86979854440309324994507338567879723163%7CMCAAMLH-1570462094%7C6%7CMCAAMB-1570462094%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1569864494s%7CNONE%7CMCSYNCSOP%7C411-18177%7CvVersion%7C4.2.0
threatvector.cylance.com/	1970-01-19 04:04:18	Name: AWSELB Value: 4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA4381BCD335FA13A79BACAFDE223CF13FD25873C7A2BC0E5C1F5ABCE7C0F7EBB
.cylance.com/	1970-01-19 04:47:29	Name: s_nr Value: 1569857294685-New
.cylance.com/	1970-01-19 12:49:53	Name: _biz_uid Value: 51bd9aeedeef4092868a0bd4386ea6d8
.cylance.com/	1969-12-31 23:59:59	Name: s_ppv Value: home%253Ainside-the-apt28-dll-backdoor-blitz%2C7%2C7%2C1200
.cylance.com/	1969-12-31 23:59:59	Name: AMCVS_2297E09A576BB9677F000101%40AdobeOrg Value: 1
.cylance.com/	1970-01-19 21:35:29	Name: _mkto_trk Value: id:524-DOM-989&token:_mch-cylance.com-1569857294386-63614
.threatvector.cylance.com/	1970-01-19 04:04:17	Name: _gat_904909c8b4224b069399ead37fce794b Value: 1
.cylance.com/	1970-01-19 04:04:19	Name: s_invisit Value: true
.cylance.com/	1970-01-19 12:49:53	Name: _biz_nA Value: 3
.threatvector.cylance.com/	1970-01-19 21:35:29	Name: _ga Value: GA1.3.1658947386.1569857294

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html(Line 247) Message: cookie not is active
console-api	log	(Line 2) Message: add----roll1
console-api	log	(Line 2) Message: add----roll2
console-api	log	(Line 2) Message: add----roll2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

524-dom-989.mktoresp.com
ads.yahoo.com
api.company-target.com
app-sj16.marketo.com
assets.adobedtm.com
bat.bing.com
cdn.bizible.com
cdn.rawgit.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cylance.demdex.net
cylance.sc.omtrdc.net
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
match.prod.bidr.io
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
s7d2.scene7.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
tag.demandbase.com
threatvector.cylance.com
trc.taboola.com
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
x.bidswitch.net
104.111.251.133
104.16.96.80
143.204.214.111
143.204.214.24
143.204.214.90
151.101.14.2
151.139.237.11
172.217.23.98
185.33.223.221
185.64.189.110
192.28.147.68
2620:119:50e1:105::6cae:b25
2620:119:50e4:101::6cae:b51
2620:1ec:c11::200
2a00:1288:110:833::4000
2a00:1450:4001:800::2004
2a00:1450:4001:80b::200e
2a00:1450:4001:817::200a
2a00:1450:4001:819::2003
2a00:1450:4001:81e::200e
2a00:1450:4001:821::200e
2a00:1450:4001:825::2002
2a00:1450:4001:825::2003
2a00:1450:400c:c06::9b
2a02:26f0:6c00:28c::25ea
2a02:26f0:6c00:297::9b6
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.248.26.129
34.95.120.147
35.190.72.21
52.212.90.74
52.29.177.239
52.29.202.222
52.29.212.58
52.48.112.242
52.58.138.174
54.148.87.203
54.217.212.192
66.117.28.86
66.117.29.227
69.173.144.136
72.247.224.172
72.247.225.88
72.247.225.98
93.184.220.178
03f71f7cf4b7044d55aa17f413b7b312d2fe87c21032f0d31a08adce9f54f674
099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a
09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0
0ab842476f3437f398ceeaeca957b0abf23d78d307ec16518ad12ea6781ca9e6
0ae8b9f65be3d17cffca937736679b69dd0b727f7a9bf20a95e6b6e16ed76c47
0d9ab500d1938a5eba801a14a7fe0856dcc39e83850ef45d08ce3e7cb98223a6
0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2
0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd
1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159
26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d
287450a4f4a05b901d7b7b5df6252640aec13825c1059905a79c369e4f97ec23
2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173
2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e
304bfe9eb3f7bd61580b2a74331e32e2c5bb918afa808dc35f01f32f2e693510
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675
45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498
4a1d3bf6c1cec783f967068348e78974da3b79cdfae1746c01f7f9ad86ad9951
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cdb5521799347327648c9276d2efa4b5c608ca21238cb091f2629d4c95e6cea
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
575a6984fd8aa15f1675d5c4a2e3b5581977fb4bca49f2ff615f579b4bea02ac
60591f0eed0ccbba8cff2adcd297791578089236065ec658ddbfdf9892f6a175
60ff723a37b80b02ac35c1efaf48c348d025fa19505f64c25fa02c7c77866239
62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871
62dc909fddeee34ab26f67b53e11230af692a42853134d565c1e9d6194675253
66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
6a5862cec71ec62c1d809d12c7919541d611156c4afe375bf8cf7b5ddd7e406d
6a8466d729c03a3f87ea7d1ea02379eae9ffc52171cd62b9428a39ca71675814
724e680010b9d1ee1b0f0db1e6099c7db6b5229be91cf5b75533de3c5b8c7d1c
733a27275c0481b079f488111697f1467d87939f97c0323096512afbdedb2c52
74c08daef91c9217e0cc81de1d45bf07ffd24387c8cb0b077c677ce6f4643d40
7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5
78e7b9885e3b62d9852dc6db9b518330fb9018039a472689e1060790a64eb171
79a5a24099a0a07f7f110441ce3a04edc884ebcfa098f2dd88a29aeb4f14ca03
7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a
7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c
8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3
8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd
87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687
89a3c120cd572641fb6a13d72907fceac0b838e2b8e41d8b62f604fe5510aee8
8b8fc55fbc2dcfe88398bedbc20cca9abc7f1c88caf69481f4ed98f126a5fb47
8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7
937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5
93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8
96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219
9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579
adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d
ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f
af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
b8b5683eb4fcbc82d4c540136efe3ee0ded7371ff2cf7f8c785843e9c861aec0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0
c6c59f99021c03392673132e9b28f9e1fc890710c531aa49b506b01adb5b8dcd
c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0
ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f
cff371c01c3befd5a6c96bc1af3c55158b6007e6223244fc245247e94f42cfb4
d46f9e013df1aa1864b8a744dd8f1bddf6b0a372d8745917d432c7f0d5171214
d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0
dd6e22647ce2f168a4563f0f7e58299a739e769f20d4e852bc2aca006d7a5748
e2c6c1157ce1c3288e63b8905ebfae86fcf208e6c9886d28bfdac86e1c733065
e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5
eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07
f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200
f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6
f871ea640b390fb63955568f537fe736c5fd9d12600eaff29990183ed3d17712
fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040
fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1
fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

threatvector.cylance.com Open in urlscan Pro 54.148.87.203 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

117 Requests

100 %HTTPS

37 %IPv6

41 Domains

48 Subdomains

40 IPs

7 Countries

1082 kBTransfer

3091 kBSize

21 Cookies

17 Outgoing links

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatvector.cylance.com Open in urlscan Pro
54.148.87.203 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

100 %
HTTPS

37 %
IPv6

41
Domains

48
Subdomains

40
IPs

7
Countries

1082 kB
Transfer

3091 kB
Size

21
Cookies

117 HTTP transactions
0 data transactions